Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA 5510 Performance

On Cisco website it says that the Maximum Firewall throughput (Mbps) on a ASA 5510 is 300 Mbps.

- How can I measure this?

Thanks,

NG

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA 5510 Performance

No.

I am not sure how you are getting these numbers and if they are ingress or egress but the throughput is not the aggregate of all the interfaces.

For example for

outside - 16 MB

inside - 12 MB

If the inside 12Mbps are going to the outside then we have 12Mbps throughput plus 4Mbps on the outside that are dropped or sent to other interfaces. So, in that case the throughput is about 16Mbps.

But also the direction is important. In other words you would need to know if the traffic is ingress or egress and what interfaces it are traversing in order to find the throughput..

I hope it makes sense.

PK

6 REPLIES
Cisco Employee

Re: ASA 5510 Performance

Put 10 hosts inside and one host on the outside that can server as a tftp server. Open ACLs inbound and outbound Each host must have 100Mbps links. Start 10 simultaneous TFTP transfers from the inside hosts. The total aggregate throughput will be close to 300Mbps.

I hope it helps.

PK

New Member

Re: ASA 5510 Performance

I have used iperf with success before, it generates traffic and measure throughput. You can tune the traffic type too (tcp/udp/packet size etc) so it gives you a bit more information than just a plain 'download'.

Regards

New Member

Re: ASA 5510 Performance

If you have sub-interface how can you measure the total throughput?

If you want to use iperf how can you use this, can you give an example?

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 2xx.2xx.1xx.x 255.255.255.xxx standby 2xx.2xx.1xx.x

!

interface Ethernet0/1

no nameif

no security-level

no ip address

!

interface Ethernet0/1.11

vlan 11

nameif inside

security-level 100

ip address 10.4x.xx.20 255.255.255.0 standby 10.4x.xx.21

!

interface Ethernet0/1.12

vlan 12

nameif LISTENER

security-level 75

ip address 10.4x.xx.20 255.255.255.0 standby 10.4x.xx.21

!

interface Ethernet0/1.13

vlan 13

nameif WEB

security-level 25

ip address 10.4x.xx.20 255.255.255.0 standby 10.4x.xx.21

!

-NG

New Member

Re: ASA 5510 Performance

Looking at the ASA inside, outside, LISTENER, WEB interfaces:

outside - 16 MB

inside - 12 MB

LISTENER - 8 MB

WEB - 10 MB

!
interface Ethernet0/0
nameif outside
!
interface Ethernet0/1
!
interface Ethernet0/1.11
  nameif inside
!
interface Ethernet0/1.12

nameif LISTENER
!
interface Ethernet0/1.13
nameif WEB
!

Does it mean that the total throughput of my ASA is 16 MB + 12 MB + 8 MB + 10 MB = 46 MB

-NG

Cisco Employee

Re: ASA 5510 Performance

No.

I am not sure how you are getting these numbers and if they are ingress or egress but the throughput is not the aggregate of all the interfaces.

For example for

outside - 16 MB

inside - 12 MB

If the inside 12Mbps are going to the outside then we have 12Mbps throughput plus 4Mbps on the outside that are dropped or sent to other interfaces. So, in that case the throughput is about 16Mbps.

But also the direction is important. In other words you would need to know if the traffic is ingress or egress and what interfaces it are traversing in order to find the throughput..

I hope it makes sense.

PK

New Member

Re: ASA 5510 Performance

Thanks!

I am getting confused now with number of people in my Org telling differently. Let me put this one more time in simple words.

(inside) Eth0/1 -- [ASA 5510] -- Eth0/0 (outside)

Ingress - Traffic coming TO port Eth0/0 from outside

Egress - Traffic leaving FROM port Eth0/0 for outside

-NG

2362
Views
0
Helpful
6
Replies
CreatePlease to create content